Server-Side Request Forgery Vulnerability in Ivanti Connect Secure

CVE-2024-21893
8.2HIGH

Key Information

Vendor
Ivanti
Status
ICS
IPS
Vendor
CVE Published:
31 January 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC🟣 EPSS 95%📰 News Worthy

Summary

The CVE-2024-21888 and CVE-2024-21893 vulnerabilities in Ivanti's Connect Secure and Policy Secure products present serious security risks, with potential exploitation by threat actors, including ransomware groups. These vulnerabilities allow for privilege escalation and server-side request forgery, leading to unauthorized access to restricted resources. The US Cybersecurity and Infrastructure Security Agency (CISA) has urged immediate patching and mitigation strategies for affected systems, emphasizing the critical nature of these vulnerabilities. The ongoing discovery of vulnerabilities in Ivanti products being actively exploited highlights the need for robust security measures and prompt action to safeguard enterprise networks.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-21893 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

ICS <= 9.1R18

ICS <= 22.6R2

IPS <= 9.1R18

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-21893.py
Created by h4x0r-dz

CVE-2024-21893-to-CVE-2024-21887
Created by Chocapikk

News Articles

favicon imageRed Hot Cyber

TIM Red Team Research scopre un Bug di CSV Injection su Ericsson Network Manager (ENM)

Il laboratorio di ricerca sui bug di TIM il Red Team Research, rileva un bug sul prodotto Ericsson Network Manager (ENM) ed Ericsson emette un bollettino.

8 months ago

favicon imageCSO Online

Attackers target new Ivanti XXE vulnerability days after patch

The new vulnerabilities were introduced by a fix for the previous Ivanti flaws, and customers are urged to install a new update.

9 months ago

favicon imageMSSP Alert

Ivanti Finds Another High Severity Vulnerability

This is the fifth vulnerability revealed during February, with three of the flaws being actively exploited.

9 months ago

EPSS Score

95% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • First article discovered by Dark Reading

  • 👾

    Exploit exists.

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre DatabaseCISA Database2 Proof of Concept(s)19 News Article(s)
.